Privacy notice - format

Introduction

CFC are committed to safeguarding the personal information and privacy of all people who we come into contact with, whether customers, volunteers, suppliers and supporters or just members of the public making an enquiry. This Privacy Policy describes exactly how we collect and use your personal information.

We may update this Privacy Policy from time to time so please check back periodically. We will notify you of significant changes by placing a notice on our website.

By contacting us, using our services or visiting our website you are agreeing to be bound by this Policy.

It should be noted that CFC keeps data processing to a minimum. CFC is exempt from registration with the ICO as a data controller or processor due to the small amount of information stored and our limited charitable status.

Your personal data, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the Data Protection Act and equivalent EU regulations.

Who we are?

Computers for Charities is a registered charity (1107802), operating since 1994 providing independent and impartial I.T advice and support to UK based Charities, Voluntary Organisations, Schools, Churches, Faith groups & more

What information do we collect?

We do not keep volunteer information on computerised systems.
We do not maintain contact databases for marketing or canvassing purposes other than circulation of our newsletter. You may unsubscribe at any time by e-mailing CFC
We do not store financial or bank account details of any clients.
We do not use cookies or tracking tokens on our website
We do not procure information from other third parties (e.g. marketing databases)

How do we use personal information?

We will maintain the minimum data required to provide our goods and services, e.g. names and delivery addresses.
We will maintain data to fulfil legal obligations, for example for the wellbeing of our volunteers, or the prevention of fraud (charity registrations, VAT exemptions etc.)

What legal basis do we have for processing your personal data?

We will keep data by consent (for example volunteer details, e-mail addresses for newsletter)
We will keep data for legitimate contract reasons (for example recognising warranty)
We will keep data where it is clear there is a legal obligation to do so

When do we share personal data?

Personal data will only be shared for legitimate business reasons - for example, for a delivery service or technical support where contact details are required. Details may also be shared in the case of a medical emergency affecting a volunteer. In such cases only the elements essentially required will be divulged.

Where do we store and process personal data?

Any data stored electronically (other than in transitory e-mails) will be stored on our own data servers which are located in-house. CFC do not utilise cloud storage. Volunteer details are not electronically stored other than e-mail distribution details.

How do we secure personal data?

Computers for Charities has a server network with secure user level authentication to prevent unauthorised access. The server has redundancy to minimise the chance of data loss. High level authentication minimises the risk unauthorised access. In any case the level of data stored is kept minimal. A risk register is compiled and reviewed periodically to make sure that we introduce no increased risk either through technical or procedural changes.

Systems are maintained in-house and there is no third party access.

How long do we keep your personal data for?

This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

We will retain your personal data as follows:

Volunteer data will be held as long as people remain as volunteers and will be reviewed annually for accuracy.
Limited customer data will be held in order to recognize warranties.

In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will periodically review data held with a view to deleting any personal data which is no longer required

Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Your rights in relation to personal data

You have the rights listed below at any time to access and control your personal data. You will at all times have the right to:-

See the content of any information held
Request it to be corrected or deleted
Place specific limitation on our ability to share that information

These rights can be exercised at any time by contacting CFC in writing, either by paper or electronically. Please note that it may, dependent upon the circumstances, be necessary to contact you directly in order to verify your identity before requests can be processed.

Where requests are made, Computers for Charities will comply as soon as possible and respond within 30 days, either with confirmation of action OR a statement of why we are unable to process your request (for example where we are required to keep records for legal or statutory reasons).

How to contact us?

You may contact us using the "Contact Us" option on our website (www.computersforcharities.org).

You may write to us by letter:-

Computers for Charities
Cemetery Lodge
Ersham Road
Hailsham
East Sussex
BN27 3LJ
United Kingdom

You may e-mail us:- simon@computersforcharities.org

Nov 2018